module LoginSystem
  
  protected
  
  def authorize?(user)
    if user
      # Check current user is owner of this lough or not.
      return true
    end
    
    return false
  end
  
  # A filter that any login required controller should be called.
  def login_required
    if current_user && authorize?(current_user)
      return true
    end
    
    # authorization failed, so we need store origin url.
    store_return_url
    
    access_denied
    
    return false
    
  end
  
  def store_return_url
    session[:return_to] = request.request_uri
  end
  
  def access_denied
    redirect_to login_url
  end
  
end